Tech

This fiendishly clever Gmail phishing scam is the latest that you need to know about

Posted by
Dave Fawbert
Published
Cyber security

Concerns about our online security have barely been out of the news ever since the Cambridge Analytica Facebook data breach scandal hit the headlines a few weeks ago.

After learning that our data, given over in good faith to Facebook, had been given away and then sold to allegedly nefarious operators, there were widespread calls to #deletefacebook before the company eventually rolled out a series of changes with the purpose of making their privacy tools easier to find.

The story has made people suddenly start to question exactly what information they’ve freely been given to giant tech corporations, what’s being done with it and whether we should be quite so free and easy with giving it to them.

Which is all very sensible.

But we shouldn’t also forget that the old, classic methods of getting us to part with sensitive information are still very much in operation out there.

Twitter user @_thp shared a recent phishing scam that they were subject to; and it’s so fiendishly clever that it’s gone viral.

The scam sees the victim being sent a text asking whether they’ve requested a password reset for their Gmail account - and, if not, to reply with the word ‘STOP’.

Naturally, the less savvy will respond with ‘STOP’, whereupon they are urged to send the 6 digit numerical code in order to prevent the password being changed.

Of course, what’s really happened here is that the scammer has requested a password change on your account which, in turn sends a code to the actual owner to verify that they actually want the password changed. By sending the scammer the code, you’re enabling them to complete the password change, which will then enable them to access your emails.

So what should you do if you get one?

Simple: companies will never ask if you don’t want to do something with your account or to ask you to do something to stop something else happening. And trust your own memory - you didn’t ask for a reset, so you shouldn’t be asked about one. Do not reply to the text (doing so will tell the scammers that they have reached a valid number).

Oh, and ensure you have 2-step verification set up on your Google account.

Stay safe out there people.

(Image: Getty)

Topics

Share this article

Author

Dave Fawbert

ShortList.com staff writer Dave’s primary passions are pop, prose, punning and power ballads (and alliteration). A lower division football enthusiast and long-suffering cricket fan, he is one of only 110 people followed on Twitter by Chas Hodges from Chas ‘n’ Dave. Follow Dave on Twitter like Chas: @davefawbert

Related Posts